| From: | Stephen Frost <sfrost(at)snowman(dot)net> |
|---|---|
| To: | Bruce Momjian <bruce(at)momjian(dot)us> |
| Cc: | Josh Berkus <josh(at)agliodbs(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgreSQL(dot)org> |
| Subject: | Re: MD5 authentication needs help |
| Date: | 2015-03-05 16:15:55 |
| Message-ID: | 20150305161555.GV29780@tamriel.snowman.net |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
* Bruce Momjian (bruce(at)momjian(dot)us) wrote:
> On Wed, Mar 4, 2015 at 05:56:25PM -0800, Josh Berkus wrote:
> > So, are we more worried about attackers getting a copy of pg_authid, or
> > sniffing the hash on the wire?
>
> Both. Stephen is more worried about pg_authid, but I am more worried
> about sniffing.
I'm also worried about both, but if the admin is worried about sniffing
in their environment, they're much more likely to use TLS than to set up
client side certificates, kerberos, or some other strong auth mechanism,
simply because TLS is pretty darn easy to get working and distros set it
up for you by default.
Thanks,
Stephen
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Stephen Frost | 2015-03-05 16:26:33 | Re: MD5 authentication needs help |
| Previous Message | Stephen Frost | 2015-03-05 16:13:20 | Re: MD5 authentication needs help |